Data Protection

Unless where otherwise stated, definitions used in this clause shall have the meanings set out in the Agreement;

“Agreement”: the Order Confirmation Form and Terms and Conditions (including this Data Protection clause) between Licensor and Customer;  

“personal data”, “controller”, “processor”, “processing”, “data subject” and “supervisory authority” shall have the meanings ascribed to them under the GDPR, as applicable;

“Agreed Purpose”: the performance by Licensor of its obligations under this Agreement including the promotion of the Licensed Products by the Licensor as further described in the Privacy Policy;

“Customer Data” means the personal data in whatever form or medium which is supplied, or in respect of which access is granted, to Licensor under this Agreement which shall be confined to the following categories of personal data: the first and last name, email address, location, phone number, job title and where necessary the bank account details of the Customer or where relevant its employees or contractors  who wish to access the Licensed Products;

“Data Protection Law” means where applicable, the  General Data Protection Regulation ((EU) 2016/679) (GDPR), the European Privacy and Electronic Communications Directive (Directive 2002/58/EC), as amended or replaced from time to time and all other national, international, regional, federal or other laws related to data protection and privacy that are applicable to any territory where Licensor processes personal data or is established;

“Privacy Policy” means the privacy policy available on the website of the Licensed Product;

“Reportable Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Customer Data transmitted, stored or otherwise processed;

“Third Party Recipient” means any contractor, subcontractor or other party engaged by Licensor in relation to its performance of the Agreement who is or will be processing Customer Data, whether as a controller or processor and who may be located outside of the European Economic Area.

For the purposes of this Agreement, the Customer and Licensor agree that each party:

(a) acts as a controller in respect of the Customer Data;

(b) shall only process the Customer Data in compliance with Data Protection Law and shall not cause itself or the other party to be in breach of Data Protection Law;

(c) shall provide the other party with reasonable details of any enquiry, complaint, notice or other communication it receives from any supervisory authority relating to its processing of the Customer Data, and act reasonably in co-operating with the other party in respect of its response to the same; and

(d) shall act reasonably in providing such information and assistance as the other party may reasonably request to enable it to comply with its own obligations under Data Protection Law, including in the event of a Reportable Breach.

As the recipient of the Customer Data, Licensor shall:

(a) use the Customer Data for the Agreed Purpose only or as necessary to comply with its requirements under any applicable law;

(b) maintain all appropriate technical and organisational measures to ensure security of the Customer Data including protection against unauthorised or unlawful processing (including, without limitation, unauthorised or unlawful disclosure of, access to and/or alteration of the Customer Data);

(c) be authorised to transfer and/or disclose Customer Data to Third Party Recipients, subject to the Licensor entering into a written agreement with such Third Party Recipients containing obligations which are no less onerous than those set out in this clause and provide details of such Third Party Recipients in the Privacy Policy.